Microsoft » Silverlight : Security Vulnerabilities, CVEs, Published In 2013
CVE-2013-3896
Known exploited
Public exploit
Microsoft Silverlight 5 before 5.1.20913.0 does not properly validate pointers during access to Silverlight elements, which allows remote attackers to obtain sensitive information via a crafted Silverlight application, aka "Silverlight Vulnerability."
Max CVSS
4.3
EPSS Score
23.94%
Published
2013-10-09
Updated
2018-10-12
CISA KEV Added
2022-05-25
Microsoft Silverlight 5 before 5.1.20513.0 does not properly initialize arrays, which allows remote attackers to execute arbitrary code or cause a denial of service (NULL pointer dereference) via a crafted Silverlight application, aka "Null Pointer Vulnerability."
Max CVSS
9.3
EPSS Score
93.79%
Published
2013-07-10
Updated
2018-10-12
Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5, and Silverlight 5 before 5.1.20513.0, does not properly prevent changes to data in multidimensional arrays of structures, which allows remote attackers to execute arbitrary code via (1) a crafted .NET Framework application or (2) a crafted Silverlight application, aka "Array Access Violation Vulnerability."
Max CVSS
9.3
EPSS Score
84.19%
Published
2013-07-10
Updated
2018-10-12
Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, and 4.5; Silverlight 5 before 5.1.20513.0; win32k.sys in the kernel-mode drivers, and GDI+, DirectWrite, and Journal, in Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT; GDI+ in Office 2003 SP3, 2007 SP3, and 2010 SP1; GDI+ in Visual Studio .NET 2003 SP1; and GDI+ in Lync 2010, 2010 Attendee, 2013, and Basic 2013 allow remote attackers to execute arbitrary code via a crafted TrueType Font (TTF) file, aka "TrueType Font Parsing Vulnerability."
Max CVSS
9.3
EPSS Score
63.68%
Published
2013-07-10
Updated
2023-12-07
CVE-2013-0074
Known exploited
Public exploit
Used for ransomware
Microsoft Silverlight 5, and 5 Developer Runtime, before 5.1.20125.0 does not properly validate pointers during HTML object rendering, which allows remote attackers to execute arbitrary code via a crafted Silverlight application, aka "Silverlight Double Dereference Vulnerability."
Max CVSS
9.3
EPSS Score
96.22%
Published
2013-03-13
Updated
2021-09-22
CISA KEV Added
2022-05-25
5 vulnerabilities found